sCTF Q1 2016 - Vertinet

Vertinet

Cryptography - 140 Points

Welcome to Vertinet.

This problem follows the same specifications as the previous Verticode problem, except that you have to solve many of them by developing a client to communicate with the server available at problems1.2016q1.sctf.io:50000. Good luck.

Writeup

Once solved the Verticode, this Challenge was pretty straightforward.

I tried to connect with nc and the server was printing an HTML page like this

<html><imgsrc='data:image/png;base64,BASE64_HERE'></img><br><br>

And wait for our response (the solution for that Verticode).
So I edited the previous script with some Networking and Base64 Library. Done.

#!/usr/bin/env pythonimportos,sysimportbase64fromioimportBytesIOimportImagefromsocketimportsocketimportredefparse_bin(r,g,b):ifr+g+b==0:return1else:return0# white is the new black 0defparse_color(r,g,b):ifr==255andg==0andb==0:#Redreturn0ifr==128andg==0andb==128:#Purplereturn1ifr==0andg==0andb==255:#Bluereturn2ifr==0andg==128andb==0:#Greenreturn3ifr==255andg==255andb==0:#Yellowreturn4ifr==255andg==165andb==0:#Orangereturn5defmain():sock=socket()sock.connect(('problems1.2016q1.sctf.io',50000))while1:text=""whileTrue:c=sock.recv(1024)printctext+=cif"</img>"intext:breakif"sctf"intext:exit(0)withopen("out.txt","a")astext_file:text_file.write(text+"\n")r=re.compile(r"base64,(.+?)'>")img=r.findall(text)[0]im=Image.open(BytesIO(base64.b64decode(img)))pix=im.load()m=12data=""key=""foriinxrange(im.size[1]/m):# Rowcolor=0forjinxrange(im.size[0]/m):# Colifj==0:r,g,b=pix[0,i*m]color=parse_color(r,g,b)ifj>=7:r,g,b=pix[j*m,i*m]data+=str(parse_bin(r,g,b))ifj==13:key+=chr(int(data,2)-color)data=""printkeysock.send(key)sock.close()return0if__name__=='__main__':main()